
Test ID: 1.3.6.1.4.1.25623.1.2.1.2024.01
Category: General
Title: Mozilla Firefox Security Advisory (MFSA2024-01) - Linux
Summary: This host is missing a security update for Mozilla Firefox.
Description:

Vulnerability Insight:
CVE-2024-0741: Out of bounds write in ANGLE
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.

CVE-2024-0742: Failure to update user input timestamp
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.

CVE-2024-0743: Crash in NSS TLS method
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash.

CVE-2024-0744: Wild pointer dereference in JavaScript
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash.

CVE-2024-0745: Stack buffer overflow in WebAudio
The WebAudio OscillatorNode object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash.

CVE-2024-0746: Crash when listing printers on Linux
A Linux user opening the print preview dialog could have caused the browser to crash.

CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy.

CVE-2024-0748: Compromised content process could modify document URI
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history.

CVE-2024-0749: Phishing site popup could show local origin in address bar
A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar.

CVE-2024-0750: Potential permissions request bypass via clickjacking
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.

CVE-2024-0751: Privilege escalation through devtools
A malicious devtools extension could have been used to escalate privileges.

CVE-2024-0752: Use-after-free could occur when applying update on macOS
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash.

CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.

CVE-2024-0754: Crash when using some WASM files in devtools
Some WASM source files could have caused a crash when loaded in devtools.

CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Affected Software/OS:
Firefox version(s) below 122.

Solution:
The vendor has released an update. Please see the reference(s) for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2024-0741
https://bugzilla.mozilla.org/show_bug.cgi?id=1864587
https://www.mozilla.org/security/advisories/mfsa2024-01/
https://www.mozilla.org/security/advisories/mfsa2024-02/
https://www.mozilla.org/security/advisories/mfsa2024-04/
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-0742
https://bugzilla.mozilla.org/show_bug.cgi?id=1867152
Common Vulnerability Exposure (CVE) ID: CVE-2024-0743
https://bugzilla.mozilla.org/show_bug.cgi?id=1867408
https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.mozilla.org/security/advisories/mfsa2024-14/
https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-0744
https://bugzilla.mozilla.org/show_bug.cgi?id=1871089
Common Vulnerability Exposure (CVE) ID: CVE-2024-0745
https://bugzilla.mozilla.org/show_bug.cgi?id=1871838
Common Vulnerability Exposure (CVE) ID: CVE-2024-0746
https://bugzilla.mozilla.org/show_bug.cgi?id=1660223
Common Vulnerability Exposure (CVE) ID: CVE-2024-0747
https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
Common Vulnerability Exposure (CVE) ID: CVE-2024-0748
https://bugzilla.mozilla.org/show_bug.cgi?id=1783504
Common Vulnerability Exposure (CVE) ID: CVE-2024-0749
https://bugzilla.mozilla.org/show_bug.cgi?id=1813463
Common Vulnerability Exposure (CVE) ID: CVE-2024-0750
https://bugzilla.mozilla.org/show_bug.cgi?id=1863083
Common Vulnerability Exposure (CVE) ID: CVE-2024-0751
https://bugzilla.mozilla.org/show_bug.cgi?id=1865689
Common Vulnerability Exposure (CVE) ID: CVE-2024-0752
https://bugzilla.mozilla.org/show_bug.cgi?id=1866840
Common Vulnerability Exposure (CVE) ID: CVE-2024-0753
https://bugzilla.mozilla.org/show_bug.cgi?id=1870262
Common Vulnerability Exposure (CVE) ID: CVE-2024-0754
https://bugzilla.mozilla.org/show_bug.cgi?id=1871605
Common Vulnerability Exposure (CVE) ID: CVE-2024-0755
Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701
Copyright: Copyright (C) 2024 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.